Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 7.11.1  Security Vulnerabilities
CVE-2020-10081
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-03-13
CVE-2019-13003
An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-03-10
CVE-2019-12428
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-10
CVE-2020-7973
GitLab through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
CVE-2020-7968
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
CVE-2020-5197
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-13
CVE-2019-19257
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-03
CVE-2019-19260
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).
CVSS Score
5.4
EPSS Score
0.001
Published
2020-01-03
CVE-2019-15584
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-12-20
CVE-2019-5486
A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved